- From: Hallvord R. M. Steen <hsteen@mozilla.com>
- Date: Fri, 24 Oct 2014 03:22:49 -0700 (PDT)
- To: public-webapps <public-webapps@w3.org>
Status of the Clipboard API spec: There are some open bugs. The test suite is on its way into web-platform-test but there's no progress on the review AFAIK. Apart from those bugs I think the spec is quite solid. Here are the bugs: https://www.w3.org/Bugs/Public/buglist.cgi?product=WebAppsWG&component=Clipboard%20API%20and%20events&resolution=--- I'll comment on each to give a status update, please comment in the relevant bugs if you have input or ideas: 21700 spec "strip possibly dangerous content before inserting rich text paste markup" I was hoping there is an algorithm to sanitize HTML somewhere else that we can just reference. A full algorithm doesn't really belong in this spec. I haven't so far found the right thing to refer to. 21699 [spec.next] figure out how to make clipboard data type support discoverable This requires coming up with a new API method and resolving fingerprinting concerns. It would be nice to have but I haven't figured it out yet, and IMO we can ship the current spec first and do this in a future version.. 23538 Sort out markup from local source (i.e. word processor) referencing images on disk This needs some feedback from developers who have worked on clipboard integration on various platforms. The main question: is it generally possible on [platform] to tell whether a string of HTML was placed on the clipboard by a local application? Some HTML on the clipboard might come from * a web page, opened in some random web browser, content copied by the user or written to clipboard by JS * a word processor or other software running locally Is there any hope of being able to distinguish those scenarios across platforms? If not we need to wontfix this and change the spec accordingly. 27010 allow beforepaste event listeners to inspect type of clipboard contents (?) This is a relatively easy fix, but it may have some privacy implications that we haven't figured out yet. 21698 figure out if we can add MathML to "Mandatory data types" list This one probably just needs a bit more discussion and votes for/against? I'm not sure what this requires from implementors or what native types (if any) match MathML. 23536 figure out if "mixed clipboard content" is testable, write tests if it is Still don't know how or if this really works on various platforms. 23537 [spec.next] expose origin of HTML markup when possible? IE adds some meta data to the HTML when writing it to the clipboard. We should perhaps spec IE's format, or maybe mandate that implementations writing HTML to the clipboard should also add a text/uri-list entry giving the original location of the HTML content? Then we might add an event.sourceURL property. This is also a features-vs-privacy thing, I'm not absolutely certain I want to inform any page I paste into what page I copied something from. But some pages or apps could probably make good use of this information. I'd like to get 21700, 23538, 27010 and 21698 addressed before a new WD. Input from implementors and web developers is always welcome, of course. -Hallvord
Received on Friday, 24 October 2014 10:23:17 UTC